From 8957fec33242bb695c6844e7aadfa5f76511a7f4 Mon Sep 17 00:00:00 2001
From: gqh
Date: Tue, 31 Jan 2023 11:30:13 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=AF=86=E7=A0=81=E9=94=99?= =?UTF-8?q?=E8=AF=AFbug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controllers/main.py | 90 ++++++-------------
 1 file changed, 25 insertions(+), 65 deletions(-)
diff --git a/yizuo_login_background_and_styles/controllers/main.py b/yizuo_login_background_and_styles/controllers/main.py
index 4ddcdf6f..6412ba67 100644
--- a/yizuo_login_background_and_styles/controllers/main.py
+++ b/yizuo_login_background_and_styles/controllers/main.py
@@ -35,85 +35,43 @@ from odoo import http class Home(home.Home): - @http.route('/web/login', type='http', auth="public") + @http.route('/web/login', type='http', auth="none") def web_login(self, redirect=None, **kw): home.ensure_db() request.params['login_success'] = False if request.httprequest.method == 'GET' and redirect and request.session.uid: return request.redirect(redirect) + # so it is correct if overloaded with auth="public" if not request.uid: - request.uid = odoo.SUPERUSER_ID + request.update_env(user=odoo.SUPERUSER_ID) + # values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS} values = request.params.copy() try: values['databases'] = http.db_list() except odoo.exceptions.AccessDenied: values['databases'] = None + if request.httprequest.method == 'POST': - old_uid = request.uid - uid = request.session.authenticate(request.session.db, - request.params['login'], - request.params['password']) - if uid is not False: - # user_rec = request.env['res.users'].sudo().search( - # [('id', '=', uid)]) - # if user_rec.partner_id.email and user_rec.has_group( - # 'user_login_alert.receive_login_notification'): - # send_mail = 0 - # agent = request.httprequest.environ.get('HTTP_USER_AGENT') - # agent_details = httpagentparser.detect(agent) - # user_os = agent_details['os']['name'] - # browser_name = agent_details['browser']['name'] - # ip_address = request.httprequest.environ['REMOTE_ADDR'] - # if user_rec.last_logged_ip and user_rec.last_logged_browser and user_rec.last_logged_os: - # if user_rec.last_logged_ip != ip_address or user_rec.last_logged_browser != browser_name or user_rec.last_logged_os != user_os: - # send_mail = 1 - # user_rec.last_logged_ip = ip_address - # user_rec.last_logged_browser = browser_name - # user_rec.last_logged_os = user_os - # else: - # send_mail = 0 - # else: - # send_mail = 1 - # user_rec.last_logged_ip = ip_address - # user_rec.last_logged_browser = browser_name - # user_rec.last_logged_os = user_os - # if 
send_mail == 1: - # email_to = user_rec.partner_id.email - # current_date_time = strftime("%Y-%m-%d %H:%M:%S", - # gmtime()) - # message_body = 'Hi ' + user_rec.name + ' , Your account has been ' \ - # 'accessed successfully. The details of the ' \ - # 'system from which the account is accessed ...,' - # message_body += '' - # message_body += '' \ - # '' \ - # '' \ - # '' \ - # '' \ - # '' \ - # '' \ - # '' \ - # '' - # message_body += '
' + 'OS' + '' + user_os + '
' + 'Browser' + '' + browser_name + '
' + 'IP Address' + '' + ip_address + '
' - # message_body += 'Thank you' - # template_obj = request.env['mail.mail'] - # template_data = { - # 'subject': 'Login Alert : ' + current_date_time, - # 'body_html': message_body, - # 'email_from': request.env.user.company_id.email, - # 'email_to': email_to - # } - # template_id = template_obj.create(template_data) - # template_obj.send(template_id) + try: + uid = request.session.authenticate(request.db, request.params['login'], request.params['password']) request.params['login_success'] = True - if not redirect: - redirect = '/web' - return request.redirect( - self._login_redirect(uid, redirect=redirect)) - request.uid = old_uid - values['error'] = _("Wrong login/password") + return request.redirect(self._login_redirect(uid, redirect=redirect)) + except odoo.exceptions.AccessDenied as e: + if e.args == odoo.exceptions.AccessDenied().args: + values['error'] = _("密码输入错误") + else: + values['error'] = e.args[0] + else: + if 'error' in request.params and request.params.get('error') == 'access': + values['error'] = _('Only employees can access this database. Please contact the administrator.') + + if 'login' not in values and request.session.get('auth_login'): + values['login'] = request.session.get('auth_login') + + if not odoo.tools.config['list_db']: + values['disable_database_manager'] = True # get confi login set param_obj = request.env['ir.config_parameter'].sudo() @@ -145,5 +103,7 @@ class Home(home.Home): else: response = request.render('yizuo_login_background_and_styles.middle_login_template', values) - response.headers['X-Frame-Options'] = 'DENY' + response.headers['X-Frame-Options'] = 'SAMEORIGIN' + response.headers['Content-Security-Policy'] = "frame-ancestors 'self'" + assert isinstance(response, object) return response
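Review bot: `values = request.params.copy()` hands every request parameter to the login template, because the allow-list version of that line is left commented out just above it. On a POST the copy includes `password`, and on a GET a caller-supplied `error` value is already in `values` before the `else` branch runs, so if the template renders `error` the page shows text chosen by whoever built the link. Restoring the filter, `values = {k: v for k, v in request.params.items() if k in SIGN_UP_REQUEST_PARAMS}`, closes both, provided `SIGN_UP_REQUEST_PARAMS` is imported in this file (the imports are outside the hunk). Separately, `request.update_env(user=odoo.SUPERUSER_ID)` makes the anonymous login page render with a superuser environment; a comment saying why that is needed, or a lower-privileged user if the templates allow it, would help. web_login continues past the end of this hunk.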
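Review bot: The switch of `X-Frame-Options` from `DENY` to `SAMEORIGIN`, with the matching `frame-ancestors 'self'`, allows same-origin pages to frame the login form, and neither the commit subject nor a comment says what needs that. A one-line comment such as `# login page is framed by <feature>; same-origin only` would record the reason, and if nothing frames it, `DENY` with `frame-ancestors 'none'` is the tighter setting. The added `assert isinstance(response, object)` is always true and is stripped under `-O`, so it checks nothing and can be dropped. The start of web_login is outside this hunk.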